212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 81:

    Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. What filter did he use to identify ICMP ping sweep attempts?

    A. tcp.typc == icmp
    B. icrrip.lype == icmp
    C. icmp.type == 8 or icmp.type ==0
    D. udp.lype - 7

  • Question 82:

    Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

    A. Worm
    B. Adware
    C. Virus
    D. Trojan

  • Question 83:

    Which of the following details are included in the evidence bags?

    A. Error messages that contain sensitive information and files containing passworos
    B. Software version information and web application source code
    C. Sensitive cirectories, personal, and organizational email adcress
    D. Date and time of seizure, exhibit number, anc name of incident responder

  • Question 84:

    Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive. Identify the stage he is currently in.

    A. Post-incident activities
    B. Incident disclosure
    C. Incident recording and assignment
    D. Incident triage

  • Question 85:

    Which of the following is a risk assessment tool:

    A. Nessus
    B. Wireshark
    C. CRAMM
    D. Nmap

  • Question 86:

    Alexis works as an incident responder at XYZ organization. She was asked to identify and attribute the actors behind an attack that occurred recently. For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target. Which of the following types of threat attributions is Alexis performing?

    A. Campaign attribution
    B. True attribution
    C. Nation-state attribution
    D. Intrusion set attribution

  • Question 87:

    You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file server but not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?

    A. An e-mail service issue
    B. The file server has shut down
    C. A denial-of-service issue
    D. An admin account issue

  • Question 88:

    During an incident investigation, an incident handler identifies that critical system logs were overwritten due to improper log retention policies. Which principle of incident readiness was primarily violated?

    A. Evidence admissibility
    B. Evidence availability
    C. Chain of custody
    D. Incident escalation

  • Question 89:

    They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal requests to an application is known as:

    A. Session Hijacking attack
    B. Denial of Service attack
    C. Man in the Middle attack
    D. SQL injection attack

  • Question 90:

    After a recent email attack, Harry is analyzing the incident to obtain important information related to the incident. While investigating the incident, he is trying to extract information such as sender identity, mail server, sender's IP address, location, and so on. Which of the following tools Harry must use to perform this task?

    A. Clamwin
    B. Logly
    C. Yesware
    D. Sharp

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.